feat: add database generation to grafana
- ensure a database, user and credential is created for each grafana node - ensure all databases for a region are included in a mariadb cluster - refine params with stdlib types
This commit is contained in:
@@ -0,0 +1,49 @@
|
||||
[Unit]
|
||||
Description=Grafana instance
|
||||
Documentation=http://docs.grafana.org
|
||||
Wants=network-online.target
|
||||
After=network-online.target
|
||||
After=postgresql.service mariadb.service mysqld.service influxdb.service
|
||||
|
||||
[Service]
|
||||
EnvironmentFile=/etc/sysconfig/grafana-server
|
||||
User=grafana
|
||||
Group=grafana
|
||||
Type=notify
|
||||
Restart=on-failure
|
||||
WorkingDirectory=/usr/share/grafana
|
||||
RuntimeDirectory=grafana
|
||||
RuntimeDirectoryMode=0750
|
||||
ExecStart=/usr/share/grafana/bin/grafana server \
|
||||
--config=${CONF_FILE} \
|
||||
--pidfile=${PID_FILE_DIR}/grafana-server.pid \
|
||||
--packaging=rpm \
|
||||
cfg:default.paths.logs=${LOG_DIR} \
|
||||
cfg:default.paths.data=${DATA_DIR} \
|
||||
cfg:default.paths.plugins=${PLUGINS_DIR} \
|
||||
cfg:default.paths.provisioning=${PROVISIONING_CFG_DIR}
|
||||
|
||||
LimitNOFILE=10000
|
||||
TimeoutStopSec=20
|
||||
CapabilityBoundingSet=
|
||||
DeviceAllow=
|
||||
LockPersonality=true
|
||||
MemoryDenyWriteExecute=false
|
||||
NoNewPrivileges=true
|
||||
PrivateDevices=true
|
||||
PrivateTmp=true
|
||||
ProtectControlGroups=true
|
||||
ProtectHome=true
|
||||
ProtectKernelModules=true
|
||||
ProtectKernelTunables=true
|
||||
ProtectSystem=full
|
||||
RemoveIPC=true
|
||||
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||
RestrictNamespaces=true
|
||||
RestrictRealtime=true
|
||||
RestrictSUIDSGID=true
|
||||
SystemCallArchitectures=native
|
||||
UMask=0027
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user